Security News > 2021 > March > Latest Mirai Variant Targets SonicWall, D-Link and IoT Devices

A new Mirai variant is targeting known flaws in D-Link, Netgear and SonicWall devices, as well as newly-discovered flaws in unknown IoT devices.

A new variant of the Mirai botnet has been discovered targeting a slew of vulnerabilities in unpatched D-Link, Netgear and SonicWall devices - as well as never-before-seen flaws in unknown internet-of-things gadgets.

The known vulnerabilities exploited include: A SonicWall SSL-VPN exploit; a D-Link DNS-320 firewall exploit; Yealink Device Management remote code-execution flaws; a Netgear ProSAFE Plus RCE flaw; an RCE flaw in Micro Focus Operation Bridge Reporter; and a Netis WF2419 wireless router exploit.

"The VisualDoor exploit in question targets an old SSL-VPN firmware vulnerability that was patched on legacy products in 2015 with 7.5.1.4-43sv and 8.0.0.4-25sv releases," a SonicWall spokesperson told Threatpost.

Mirai Variants Continue to Pop Up. The variant is only the latest to rely on Mirai's source code, which has proliferated into more than 60 variants since bursting on the scene with a massive distributed denial of service takedown of DNS provider Dyn in 2016.

Last year, a Mirai variant was found targeting Zyxel network-attached storage devices using a critical vulnerability that was only recently discovered, according to security researchers.

News URL

https://threatpost.com/mirai-variant-sonicwall-d-link-iot/164811/